My fork of airsonic with experimental fixes and improvements. See branch "custom"
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
airsonic-custom/contrib/airsonic.service

55 lines
1.6 KiB

[Unit]
Description=Airsonic Media Server
After=remote-fs.target network.target
AssertPathExists=/var/airsonic
[Service]
Type=simple
Environment="JAVA_JAR=/var/airsonic/airsonic.war"
Environment="JAVA_OPTS=-Xmx700m"
Environment="AIRSONIC_HOME=/var/airsonic"
Environment="PORT=8080"
Environment="CONTEXT_PATH=/airsonic"
Environment="JAVA_ARGS="
EnvironmentFile=-/etc/sysconfig/airsonic
ExecStart=/usr/bin/java \
$JAVA_OPTS \
-Dairsonic.home=${AIRSONIC_HOME} \
-Dserver.context-path=${CONTEXT_PATH} \
-Dserver.port=${PORT} \
-jar ${JAVA_JAR} $JAVA_ARGS
User=airsonic
Group=airsonic
# See https://www.freedesktop.org/software/systemd/man/systemd.exec.html
# for details
DevicePolicy=closed
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
PrivateUsers=yes
ProtectControlGroups=yes
ProtectHome=true
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
SystemCallFilter=~@clock,@debug,@module,@mount,@obsolete,@privileged,@reboot,@setuid,@swap
ProtectSystem=full
# You can uncomment the following line if you don't want airsonic to be able to
# write anything on your filesystem outside of AIRSONIC_HOME.
# Don't forget to remove the other `ProtectSystem` line above.
#ProtectSystem=strict
#ReadWritePaths=/var/airsonic
# You can uncomment the following line if you're not using the OpenJDK.
# This will prevent processes from having a memory zone that is both writeable
# and executeable, making hacker's lifes a bit harder.
#MemoryDenyWriteExecute=yes
[Install]
WantedBy=multi-user.target